The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6264 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6264-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     May 11, 2026                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : dnsmasq     CVE ID         : CVE-2026-2291 CVE-2026-4890 CVE-2026-4891                      CVE-2026-4892 CVE-2026-4893 CVE-2026-5172

    Multiple security vulnerabilities have been discovered in Dnsmasq, a     lightweight DNS forwarder and DHCP server, which could result in cache     poisoning, bypass of security controls, denial of service or local     privilege escalation.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 2.90-4~deb12u2.

    For the stable distribution (trixie), these problems have been fixed in     version 2.91-1+deb13u1.

    We recommend that you upgrade your dnsmasq packages.

    For the detailed security status of dnsmasq please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/dnsmasq

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-6264 : dnsmasq - security update

high Nessus Plugin ID 314276

Version 1.3

Version 1.2

Version 1.1

Version 1.3 May 29, 2026, 5:27 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202605291727
Version 1.2 May 15, 2026, 6:15 PM Plugin metadata (Add IAVM Info) Plugin Feed: 202605151815
Version 1.1 May 12, 2026, 8:32 AM New Plugin Feed: 202605120832